In recent years, wireless ad hoc sensor network becomes popular both in civil and military jobs. However, security is one of the significant challenges for sensor network because of their deployment in open and unprotected environment. As cryptographic mechanism is not enough to protect sensor network from external attacks, intrusion detection system needs to be introduced. Though intrusion prevention mechanism is one of the major and efficient methods against attacks, but there might be some attacks for which prevention method is not known. Besides preventing the system from some known attacks, intrusion detection system gather necessary information related to attack technique and help in the development of intrusion prevention system. In addition to reviewing the present attacks available in wireless sensor network this paper examines the current efforts to intrusion detection
system against wireless sensor network. In this paper we propose a hierarchical architectural design based intrusion detection system that fits the current demands and restrictions of wireless ad hoc sensor network. In this proposed intrusion detection system architecture we followed clustering mechanism to build a four level hierarchical network which enhances network scalability to large geographical area and use both anomaly and misuse detection techniques for intrusion detection. We introduce policy based detection mechanism as well as intrusion response together with GSM cell concept for intrusion detection architecture.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
This document discusses security issues related to wireless sensor networks. It begins with an introduction to wireless sensor networks and an overview of security challenges due to limited sensor node capabilities. It then summarizes common attacks on different layers of wireless sensor networks and discusses security objectives. The document outlines key areas of research on sensor network security including key management, secure time synchronization, and secure routing. It provides details on different key management schemes, time synchronization protocols, and discusses vulnerabilities of existing synchronization schemes to various attacks.
HYBRID ARCHITECTURE FOR DISTRIBUTED INTRUSION DETECTION SYSTEM IN WIRELESS NE...
This document proposes a hybrid architecture for a distributed intrusion detection system using multiple agents. The key aspects of the architecture include:
- Using multiple independent tracker agents that monitor hosts and generate reports sent to monitors and storage.
- Monitors analyze activity and compare to signatures to detect known attacks, or send data to anomaly detectors.
- Anomaly and misuse detectors use classification and pattern matching to detect known and unknown attacks.
- An inference module coordinates entities across hosts to classify new attacks using a knowledge base and signature generator.
- A countermeasure module alerts administrators and can take actions like dropping packets in response to detected attacks.
This document summarizes and evaluates techniques for identifying adversary attacks in wireless sensor networks. It begins by describing common types of attacks and issues with cryptographic identification methods. It then evaluates existing localization techniques like Received Signal Strength (RSS) and spatial correlation analysis. Specifically, it proposes the Generalized Model for Attack Detection (GMFAD) which uses Partitioning Around Medoids (PaM) clustering on RSS readings to detect multiple attackers. It also presents the Coherent Detection and Localization Model (CDAL-M) which integrates PaM with localization algorithms like RADAR and Bayesian networks to determine attacker locations. The document analyzes these techniques' effectiveness at detecting and localizing multiple adversary attackers in wireless sensor networks.
This document summarizes an article about intrusion detection systems (IDS) for secure mobile ad hoc networks (MANETs). It discusses the distributed and cooperative architecture of IDS for MANETs, where each node runs an IDS agent to detect intrusions locally and cooperate with other nodes. It describes several IDS approaches for MANETs including the Watchdog technique to detect misbehaving nodes, the Pathrater technique to find routes without those nodes, and the CORE technique which uses a collaborative reputation system. The document concludes that considering these IDS techniques can help make MANETs more secure.
This document proposes a trust count based validation method to lessen internal attacks in mobile ad hoc networks. The key aspects of the proposed method are:
1. The network is divided into hierarchical clusters, each with a fully trusted cluster head.
2. Each node holds a certificate from an offline certificate authority that includes the node's access policy and expiration time.
3. A trust count is periodically calculated for each node based on its access policy evaluations.
4. Cluster heads renew or reject member nodes' certificates based on their trust count values, aiming to mitigate internal attacks like node capture attacks.
A NOVEL SECURITY PROTOCOL FOR WIRELESS SENSOR NETWORKS BASED ON ELLIPTIC CURV...
With the growing usage of wireless sensors in a variety of applications including Internet of Things, the security aspects of wireless sensor networks have been on priority for the researchers. Due to the constraints of resources in wireless sensor networks, it has been always a challenge to design efficient security protocols for wireless sensor networks. An novel elliptic curve signcryption based security protocol for wireless sensor networks has been presented in this paper, which provides anonymity, confidentiality, mutual authentication, forward security, secure key establishment, and key privacy at the same time providing resistance from replay attack, impersonation attack, insider attack, offline dictionary attack, and stolen-verifier attack. Results have revealed that the proposed elliptic curve signcryption based protocol consumes the least time in comparison to other protocols while providing the highest level of security.
Wireless Sensor Networks: An Overview on Security Issues and Challenges
Wireless Sensor Networks (WSNs) are formed by deploying as large number of sensor nodes in an area for the surveillance of generally remote locations. A typical sensor node is made up of different components to perform the task of sensing, processing and transmitting data. WSNs are used for many applications in diverse forms from indoor deployment to outdoor deployment. The basic requirement of every application is to use the secured network. Providing security to the sensor network is a very challenging issue along with saving its energy. Many security threats may affect the functioning of these networks. WSNs must be secured to keep an attacker from hindering the delivery of sensor information and from forging sensor information as these networks are build for remote surveillance and unauthorized changes in the sensed data may lead to wrong information to the decision makers. This paper gives brief description about various security issues and security threats in WSNs.
Protocols for Wireless Sensor Networks and Its Security
This paper proposes a protocol for Wireless Sensor Networks and its security which are characterized by severely constrained computational and energy resources, and an ad hoc operational environment. The paper first introduces sensor networks, and discusses security issues and goals along with security problems, threats, and risks in sensor networks. It describes crippling attacks against all of them and suggests countermeasures and design considerations. It gives a brief introduction of proposed security protocol SPINS whose building blocks are SNEP and μTESLA which overcome all the important security threats and problems and achieves security goals like data confidentiality, freshness, authentication in order to provide a secure Wireless Sensor Network
TRUST FACTOR AND FUZZY-FIREFLY INTEGRATED PARTICLE SWARM OPTIMIZATION BASED I...
Mobile Ad hoc Networks (MANET) is one of the rapidly emanating technologies, which has gained attention in a wide range of applications in the fields of military, private sectors, commercials and natural calamities. Securing MANET is a dominant responsibility, and hence, a trust factor and fuzzy based intrusion detection and prevention system is proposed for routing in this paper. Based on the trust values of the nodes, the fuzzy system identifies the intruder, such that the path generated in the MANET is secured. Moreover, an optimization algorithm, entitled Fuzzy integrated Particle Swarm Optimization (FuzzyFPSO), is proposed by the concatenation of the Firefly Algorithm (FA) and Particle Swarm Optimization (PSO) for the optimal path selection in order to provide secure routing. The simulation of the proposed methodology is NS2 simulator and analysis is carried out considering four cases, like without attack, flooding attacks, black hole attack and selective packet drop attack concerning throughput, delay and detection rate. The remarkable evaluation measures of the proposed Fuzzy-FPSO are the maximal throughput of 0.634, minimal delay of 0.044 , maximal detection rate of 0.697 and minimal routing overhead of 0.24550 And the evaluation measure for the case without any attacks are the maximal throughput of 0.762, minimal delay of 0.029 ,maximal detection rate of 0.805 and minimal routing overhead of 0.11511.
Due to inherent limitations in wireless sensor networks, security is a crucial issue. While research in WSN security is progressing at tremendous pace, no comprehensive document lists the security issues and the threat models which pose unique threats to the wireless sensor networks. In this paper we have made an effort to document all the known security issues in wireless sensor networks and have provided the research direction towards countermeasures against the threats posed by these issues
EFFICACY OF ATTACK DETECTION CAPABILITY OF IDPS BASED ON ITS DEPLOYMENT IN WI...IJNSA Journal
Intrusion Detection and/or Prevention Systems (IDPS) represent an important line of defence against a variety of attacks that can compromise the security and proper functioning of an enterprise information system. Along with the widespread evolution of new emerging services, the quantity and impact of attacks have continuously increased, attackers continuously find vulnerabilities at various levels, from the network itself to operating system and applications, exploit them to crack system and services. Network defence and network monitoring has become an essential component of computer security to predict and prevent attacks. Unlike traditional Intrusion Detection System (IDS), Intrusion Detection and Prevention System (IDPS) have additional features to secure computer networks.
In this paper, we present a detailed study of how deployment of an IDPS plays a key role in its performance and the ability to detect and prevent known as well as unknown attacks. We categorize IDPS based on deployment as Network-based, host-based, and Perimeter-based and Hybrid. A detailed comparison is shown in this paper and finally we justify our proposed solution, which deploys agents at host-level to give better performance in terms of reduced rate of false positives and accurate detection and prevention.
As the Supervisory Control and Data Acquisition (SCADA) system are deployed in infrastructures which are critical to the survival of a nation, they have emerged as a potential terrain for cyber-war, thus attracting the considered attention of ‘nation-states’. The analysis of worms like ‘stuxnet’ ‘flame’ and ‘duqu’ reveals the hand of a ‘nation-state’ in their design and deployment. Hence, the necessity to understand various issues in the defence of SCADA systems arises. The forensics of the SCADA system provide deep insight into the design and deployment of the worm (the malware) once the system is attacked. This is precisely the scope of this essay.
This document discusses security threats and attacks in wireless ad hoc networks. It begins by introducing ad hoc networks and some of the challenges in providing security in these networks due to their dynamic nature and lack of centralized authority. It then categorizes attacks as either passive or active, with passive attacks including eavesdropping and traffic analysis, and active attacks including masquerading, replay attacks, message modification, and denial-of-service attacks. The document reviews several security requirements and proposes hashing techniques as a potential solution to help secure routing protocols against various attacks. Specifically, it suggests using hash functions and hash chains to authenticate routing information and detect unauthorized modifications. The goal is to develop an efficient security approach that addresses issues like authentication, integrity
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
This document discusses security issues related to wireless sensor networks. It begins with an introduction to wireless sensor networks and an overview of security challenges due to limited sensor node capabilities. It then summarizes common attacks on different layers of wireless sensor networks and discusses security objectives. The document outlines key areas of research on sensor network security including key management, secure time synchronization, and secure routing. It provides details on different key management schemes, time synchronization protocols, and discusses vulnerabilities of existing synchronization schemes to various attacks.
HYBRID ARCHITECTURE FOR DISTRIBUTED INTRUSION DETECTION SYSTEM IN WIRELESS NE...IJNSA Journal
This document proposes a hybrid architecture for a distributed intrusion detection system using multiple agents. The key aspects of the architecture include:
- Using multiple independent tracker agents that monitor hosts and generate reports sent to monitors and storage.
- Monitors analyze activity and compare to signatures to detect known attacks, or send data to anomaly detectors.
- Anomaly and misuse detectors use classification and pattern matching to detect known and unknown attacks.
- An inference module coordinates entities across hosts to classify new attacks using a knowledge base and signature generator.
- A countermeasure module alerts administrators and can take actions like dropping packets in response to detected attacks.
This document summarizes and evaluates techniques for identifying adversary attacks in wireless sensor networks. It begins by describing common types of attacks and issues with cryptographic identification methods. It then evaluates existing localization techniques like Received Signal Strength (RSS) and spatial correlation analysis. Specifically, it proposes the Generalized Model for Attack Detection (GMFAD) which uses Partitioning Around Medoids (PaM) clustering on RSS readings to detect multiple attackers. It also presents the Coherent Detection and Localization Model (CDAL-M) which integrates PaM with localization algorithms like RADAR and Bayesian networks to determine attacker locations. The document analyzes these techniques' effectiveness at detecting and localizing multiple adversary attackers in wireless sensor networks.
This document summarizes an article about intrusion detection systems (IDS) for secure mobile ad hoc networks (MANETs). It discusses the distributed and cooperative architecture of IDS for MANETs, where each node runs an IDS agent to detect intrusions locally and cooperate with other nodes. It describes several IDS approaches for MANETs including the Watchdog technique to detect misbehaving nodes, the Pathrater technique to find routes without those nodes, and the CORE technique which uses a collaborative reputation system. The document concludes that considering these IDS techniques can help make MANETs more secure.
This document proposes a trust count based validation method to lessen internal attacks in mobile ad hoc networks. The key aspects of the proposed method are:
1. The network is divided into hierarchical clusters, each with a fully trusted cluster head.
2. Each node holds a certificate from an offline certificate authority that includes the node's access policy and expiration time.
3. A trust count is periodically calculated for each node based on its access policy evaluations.
4. Cluster heads renew or reject member nodes' certificates based on their trust count values, aiming to mitigate internal attacks like node capture attacks.
A NOVEL SECURITY PROTOCOL FOR WIRELESS SENSOR NETWORKS BASED ON ELLIPTIC CURV...IJCNCJournal
With the growing usage of wireless sensors in a variety of applications including Internet of Things, the security aspects of wireless sensor networks have been on priority for the researchers. Due to the constraints of resources in wireless sensor networks, it has been always a challenge to design efficient security protocols for wireless sensor networks. An novel elliptic curve signcryption based security protocol for wireless sensor networks has been presented in this paper, which provides anonymity, confidentiality, mutual authentication, forward security, secure key establishment, and key privacy at the same time providing resistance from replay attack, impersonation attack, insider attack, offline dictionary attack, and stolen-verifier attack. Results have revealed that the proposed elliptic curve signcryption based protocol consumes the least time in comparison to other protocols while providing the highest level of security.
Wireless Sensor Networks: An Overview on Security Issues and ChallengesIJAEMSJORNAL
Wireless Sensor Networks (WSNs) are formed by deploying as large number of sensor nodes in an area for the surveillance of generally remote locations. A typical sensor node is made up of different components to perform the task of sensing, processing and transmitting data. WSNs are used for many applications in diverse forms from indoor deployment to outdoor deployment. The basic requirement of every application is to use the secured network. Providing security to the sensor network is a very challenging issue along with saving its energy. Many security threats may affect the functioning of these networks. WSNs must be secured to keep an attacker from hindering the delivery of sensor information and from forging sensor information as these networks are build for remote surveillance and unauthorized changes in the sensed data may lead to wrong information to the decision makers. This paper gives brief description about various security issues and security threats in WSNs.
Protocols for Wireless Sensor Networks and Its SecurityIJERA Editor
This paper proposes a protocol for Wireless Sensor Networks and its security which are characterized by severely constrained computational and energy resources, and an ad hoc operational environment. The paper first introduces sensor networks, and discusses security issues and goals along with security problems, threats, and risks in sensor networks. It describes crippling attacks against all of them and suggests countermeasures and design considerations. It gives a brief introduction of proposed security protocol SPINS whose building blocks are SNEP and μTESLA which overcome all the important security threats and problems and achieves security goals like data confidentiality, freshness, authentication in order to provide a secure Wireless Sensor Network
TRUST FACTOR AND FUZZY-FIREFLY INTEGRATED PARTICLE SWARM OPTIMIZATION BASED I...IJCNCJournal
Mobile Ad hoc Networks (MANET) is one of the rapidly emanating technologies, which has gained attention in a wide range of applications in the fields of military, private sectors, commercials and natural calamities. Securing MANET is a dominant responsibility, and hence, a trust factor and fuzzy based intrusion detection and prevention system is proposed for routing in this paper. Based on the trust values of the nodes, the fuzzy system identifies the intruder, such that the path generated in the MANET is secured. Moreover, an optimization algorithm, entitled Fuzzy integrated Particle Swarm Optimization (FuzzyFPSO), is proposed by the concatenation of the Firefly Algorithm (FA) and Particle Swarm Optimization (PSO) for the optimal path selection in order to provide secure routing. The simulation of the proposed methodology is NS2 simulator and analysis is carried out considering four cases, like without attack, flooding attacks, black hole attack and selective packet drop attack concerning throughput, delay and detection rate. The remarkable evaluation measures of the proposed Fuzzy-FPSO are the maximal throughput of 0.634, minimal delay of 0.044 , maximal detection rate of 0.697 and minimal routing overhead of 0.24550 And the evaluation measure for the case without any attacks are the maximal throughput of 0.762, minimal delay of 0.029 ,maximal detection rate of 0.805 and minimal routing overhead of 0.11511.
Due to inherent limitations in wireless sensor networks, security is a crucial issue. While research in WSN security is progressing at tremendous pace, no comprehensive document lists the security issues and the threat models which pose unique threats to the wireless sensor networks. In this paper we have made an effort to document all the known security issues in wireless sensor networks and have provided the research direction towards countermeasures against the threats posed by these issues
Wireless Networks Security in Jordan: A Field StudyIJNSA Journal
- The document summarizes a study that evaluated the security of wireless networks in Jordan through a process called "wardriving" where the researchers drove around with wireless network detection tools.
- The results found that the majority (79.52%) of wireless networks tested were unsecured and vulnerable. Most networks used either low levels of encryption (68.67%) or no encryption at all (11.45%).
- Nearly all networks broadcast the default SSID (92.17%), leaving them exposed to potential hackers since changing the SSID is a basic security precaution.
A review of privacy preserving techniques in wireless sensor networkAlexander Decker
This document reviews privacy preserving techniques in wireless sensor networks. It discusses the need for privacy in wireless sensor network applications due to various privacy attacks. It summarizes location privacy, data privacy, and network privacy techniques that have been developed to address challenges in preserving privacy for wireless sensor networks. The document also outlines unique challenges for privacy preservation in wireless sensor networks, such as an uncontrollable environment and resource constraints of sensor nodes.
- Wireless sensor networks are vulnerable to security attacks due to their distributed nature, multi-hop communication, and lack of resources. Intrusion detection systems play an important role in detecting attacks.
- There are three main types of intrusion detection systems: signature-based, anomaly-based, and specification-based (a hybrid of the two). Signature-based systems detect known attacks but miss new ones, while anomaly-based systems can detect new attacks but have high false positives.
- The paper compares these intrusion detection systems for wireless sensor networks and finds that anomaly-based systems have the lowest resource usage but may miss known attacks, while signature-based systems detect known attacks but use more resources. The best approach
Analysis of security threats in wireless sensor networkijwmn
Wireless Sensor Network(WSN) is an emerging technology and explored field of researchers worldwide
in the past few years, so does the need for effective security mechanisms. The sensing technology
combined with processing power and wireless communication makes it lucrative for being exploited in
abundance in future. The inclusion of wireless communication technology also incurs various types of
security threats due to unattended installation of sensor nodes as sensor networks may interact with
sensitive data and /or operate in hostile unattended environments. These security concerns be addressed
from the beginning of the system design. The intent of this paper is to investigate the security related
issues in wireless sensor networks. In this paper we have explored general security threats in wireless
sensor network with extensive study.
A NOVEL TWO-STAGE ALGORITHM PROTECTING INTERNAL ATTACK FROM WSNSIJCNC
Wireless sensor networks (WSNs) consists of small nodes with constrain capabilities. It enables numerous
applications with distributed network infrastructure. With its nature and application scenario, security of
WSN had drawn a great attention. In malicious environments for a functional WSN, security mechanisms
are essential. Malicious or internal attacker has gained attention as the most challenging attacks to
WSNs. Many works have been done to secure WSN from internal attacks but most of them relay on either
training data set or predefined thresholds. It is a great challenge to find or gain knowledge about the
Malicious. In this paper, we develop the algorithm in two stages. Initially, Abnormal Behaviour
Identification Mechanism (ABIM) which uses cosine similarity. Finally, Dempster-Shafer theory (DST)is
used. Which combine multiple evidences to identify the malicious or internal attacks in a WSN. In this
method we do not need any predefined threshold or tanning data set of the nodes.
A Survey on Security Issues to Detect Wormhole Attack in Wireless Sensor Networkpijans
Sensor nodes, when deployed to form Wireless sensor network operating under control of central authority
i.e. Base station are capable of exhibiting interesting applications due to their ability to be deployed
ubiquitously in hostile & pervasive environments. But due to same reason security is becoming a major
concern for these networks. Wireless sensor networks are vulnerable against various types of external and
internal attacks being limited by computation resources, smaller memory capacity, limited battery life,
processing power & lack of tamper resistant packaging. This survey paper is an attempt to analyze threats
to Wireless sensor networks and to report various research efforts in studying variety of routing attacks
which target the network layer. Particularly devastating attack is Wormhole attack- a Denial of Service
attack, where attackers create a low-latency link between two points in the network. With focus on survey of
existing methods of detecting Wormhole attacks, researchers are in process to identify and demarcate the
key research challenges for detection of Wormhole attacks in network layer.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
This document proposes a hybrid intrusion detection system (HIDS) for wireless sensor networks. The HIDS combines cluster-based and rule-based intrusion detection techniques. It is designed to address the limited resources of sensor networks while achieving high detection rates and low false positives. The system works by using cluster heads to detect intrusions based on both anomaly detection and comparing activities to known attack behaviors. A simulation evaluated the HIDS and found it performed intrusion detection efficiently while being energy efficient and having a high detection rate.
Wireless sensor networks are made up of number of tiny mobile nodes, which
have the capability of computation, sensing and wireless network communication. The
energy efficiency of each node in such kind of networks is one of the important issues under
consideration. Thus for these networks, sensor nodes life time is basically depends on use of
routing protocols for routing operations in WSN. There are various routing protocols
proposed by different researchers, which are considered as efficient on the basis of
performance of network lifetime and energy scavenging. There are different routing
protocols introduced for WSN such as flat routing protocols, clustering routing protocols,
hierarchical routing protocols etc. On the other hand, there are basically two types of
WSNs, homogeneous and heterogeneous sensor networks. As WSN is vulnerable to different
types of security threats, there are many security methods presented with their own
advantages and disadvantages. Most of security methods are applied only on homogeneous
WSN, but recently some methods were presented to provide the routing security in
heterogeneous WSNs as well. In this paper, the different security threats and Intrusions in
WSNs are presented, with review of different security methods.
In recent years, wireless sensor network (WSN) is used in several application areas resembling observance, tracking, and dominant in IoTs. for several applications of WSN, security is a crucial demand. However, security solutions in WSN disagree from ancient networks because of resource limitation and process constraints. This paper analyzes security solutions: TinySec, IEEE 802.15.4, SPINS, MiniSEC, LSec, LLSP, LISA, and LISP in WSN. This paper additionally presents characteristics, security needs, attacks, cryptography algorithms, and operation modes. This paper is taken into account to be helpful for security designers in WSNs.
This document summarizes a research paper about denial of service (DoS) attacks on wireless sensor networks. It begins by outlining some key security goals for wireless sensor networks, including data confidentiality, integrity, availability, and authentication. It then discusses DoS attacks specifically, noting they aim to degrade efficient use of network resources. The document proposes that DoS attacks can occur at different layers of the OSI model. It provides examples of physical layer attacks like jamming and describes how frequency hopping can help counter jamming. In closing, it notes DoS attacks threaten the availability security goal for wireless sensor networks.
Wireless Sensor Networks: An Overview on Security Issues and ChallengesBRNSSPublicationHubI
This document summarizes security issues and challenges in wireless sensor networks (WSNs). WSNs are vulnerable to various security threats due to their wireless nature and constrained resources. The document outlines key requirements for WSN security like confidentiality, integrity, authentication, and availability. It discusses obstacles to security in WSNs like limited resources, unreliable communication, and unattended operation. Common attacks on WSNs are categorized as insider vs outsider, passive vs active, and mote-class vs laptop-class. The document provides a brief overview of security issues and threats at different layers of a WSN.
Analysis of denial of service (dos) attacks in wireless sensor networkseSAT Publishing House
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
Investigation of detection & prevention sinkhole attack in manetijctet
This document discusses sinkhole attacks in mobile ad hoc networks (MANETs) and wireless sensor networks (WSNs). It provides background on sinkhole attacks, where a compromised node advertises a high quality route to attract network traffic. This can disrupt data transmission to the base station. The document reviews several existing detection techniques for sinkhole attacks, including algorithms using hop counting and mobile agents. It then proposes a new lightweight algorithm to detect sinkhole attacks in MANETs using network flow information collected by the base station and analysis of routing patterns to identify the intruder. The algorithm aims to provide secure and efficient sinkhole detection with low overhead.
Three level intrusion detection system based on conditional generative advers...IJECEIAES
Security threat protection is important in the internet of things (IoT) applications since both the connected device and the captured data can be hacked or hijacked or both at the same time. To tackle the above-mentioned problem, we proposed three-level intrusion detection system conditional generative adversarial network (3LIDS-CGAN) model which includes four phases such as first-level intrusion detection system (IDS), second-level IDS, third-level IDS, and attack type classification. In first-level IDS, features of the incoming packets are extracted by the firewall. Based on the extracted features the packets are classified into three classes such as normal, malicious, and suspicious using support vector machine and golden eagle optimization. Suspicious packets are forwarded to the second-level IDS which classified the suspicious packets as normal or malicious. Here, signature-based intrusions are detected using attack history information, and anomaly-based intrusions are detected using event-based semantic mapping. In third-level IDS, adversary packets are detected using CGAN which automatically learns the adversarial environment and detects adversary packets accurately. Finally, proximal policy optimization is proposed to detect the attack type. Experiments are conducted using the NS-3.26 network simulator and performance is evaluated by various performance metrics which results that the proposed 3LIDS-CGAN model outperforming other existing works.
CROSS LAYER INTRUSION DETECTION SYSTEM FOR WIRELESS SENSOR NETWORKIJNSA Journal
The wireless sensor networks (WSN) are particularly vulnerable to various attacks at different layers of the protocol stack. Many intrusion detection system (IDS) have been proposed to secure WSNs. But all these systems operate in a single layer of the OSI model, or do not consider the interaction and collaboration between these layers. Consequently these systems are mostly inefficient and would drain out the WSN. In this paper we propose a new intrusion detection system based on cross layer interaction between the network, Mac and physical layers. Indeed we have addressed the problem of intrusion detection in a different way in which the concept of cross layer is widely used leading to the birth of a new type of IDS. We have experimentally evaluated our system using the NS simulator to demonstrate its effectiveness in detecting different types of attacks at multiple layers of the OSI model.
Attacks and counterattacks on wireless sensor networksijasuc
WSN is formed by autonomous nodes with partial memory, communication range, power, and bandwidth.
Their occupation depends on inspecting corporal and environmental conditions and communing through a
system and performing data processing. The application field is vast, comprising military, ecology,
healthcare, home or commercial and require a highly secured communication. The paper analyses different
types of attacks and counterattacks and provides solutions for the WSN threats.
Securing WSN communication using Enhanced Adaptive Acknowledgement ProtocolIJMTST Journal
This document summarizes an enhanced adaptive acknowledgement protocol for securing wireless sensor network communication. It begins by describing security challenges in WSNs like the wireless medium, hostile environments, and resource constraints. It then discusses common security attacks like black hole and grey hole attacks. Existing acknowledgement schemes like Watchdog, TWOACK, and AACK are explained along with their limitations in detecting such attacks. The document proposes an Enhanced Adaptive Acknowledgement (EAACK) scheme that uses ACK, Secure ACK, and Misbehavior Report Authentication to better detect attacks while reducing overhead. EAACK aims to securely detect black hole, grey hole, and false misbehavior reporting in wireless sensor networks.
Intrusion Detection against DDoS Attack in WiMAX Network by Artificial Immune...Editor IJCATR
IEEE 802.16, known as WiMax, is at the top of communication technology because it is gaining a great position in the wireless networks. In this paper, an intrusion detection system for DDOS attacks diagnosis is proposed, inspired by artificial immune system. Since the detection unit on all subscriber stations in the network is WIMAX, proposed system is a fully distributed system. A risk theory is used for antigens detection in attack time. The proposed system decreases the attack effects and increases network performance. Results of simulation show that the proposed system improves negative selection time, detection Precision, and ability to identify new attacks compared to the similar algorithm.
This document summarizes an article from the International Journal of Computer Engineering and Technology about enhancing power-aware hybrid intrusion detection architecture in an ad-hoc network using mobile agents. It discusses designing and implementing an energy-efficient anomaly-based cooperative intrusion detection system that applies mobile agent technology to minimize network load, conserve bandwidth, and improve reactivity. It also aims to minimize energy consumption of monitoring nodes using the Back-Propagation algorithm. The paper then presents a new approach to intrusion detection system architecture in ad-hoc networks using mobile agents to determine which network events need monitoring and where.
Wireless ad hoc networks are autonomous nodes that communicate with each other in a
decentralized manner through multi hop radio network. Wireless nodes form a dynamic network
topology and communicate with each other directly without wireless access point. Wireless networks
are particularly vulnerable to intrusions, as they operate in open medium, and use cooperative
strategies for network communication.
AN IMPROVED WATCHDOG TECHNIQUE BASED ON POWER-AWARE HIERARCHICAL DESIGN FOR I...IJNSA Journal
This document proposes an improved watchdog technique for intrusion detection in wireless sensor networks. The technique uses a hierarchical model with cluster head nodes acting as watchdogs to monitor network activity within each cell. This is intended to overcome issues with the original watchdog mechanism and reduce power consumption, extending the lifetime of sensor nodes. The algorithm for malicious node detection involves the cluster head eavesdropping on transmissions, comparing messages to a buffer, and raising warnings if messages do not match. Simulation results showed this approach increased network lifetime by around 2611 seconds compared to a non-hierarchical model.
Similar to HIERARCHICAL DESIGN BASED INTRUSION DETECTION SYSTEM FOR WIRELESS AD HOC SENSOR NETWORK (20)
Understanding Cybersecurity Breaches: Causes, Consequences, and PreventionBert Blevins
Cybersecurity breaches are a growing threat in today’s interconnected digital landscape, affecting individuals, businesses, and governments alike. These breaches compromise sensitive information and erode trust in online services and systems. Understanding the causes, consequences, and prevention strategies of cybersecurity breaches is crucial to protect against these pervasive risks.
Cybersecurity breaches refer to unauthorized access, manipulation, or destruction of digital information or systems. They can occur through various means such as malware, phishing attacks, insider threats, and vulnerabilities in software or hardware. Once a breach happens, cybercriminals can exploit the compromised data for financial gain, espionage, or sabotage. Causes of breaches include software and hardware vulnerabilities, phishing attacks, insider threats, weak passwords, and a lack of security awareness.
The consequences of cybersecurity breaches are severe. Financial loss is a significant impact, as organizations face theft of funds, legal fees, and repair costs. Breaches also damage reputations, leading to a loss of trust among customers, partners, and stakeholders. Regulatory penalties are another consequence, with hefty fines imposed for non-compliance with data protection regulations. Intellectual property theft undermines innovation and competitiveness, while disruptions of critical services like healthcare and utilities impact public safety and well-being.
In May 2024, globally renowned natural diamond crafting company Shree Ramkrishna Exports Pvt. Ltd. (SRK) became the first company in the world to achieve GNFZ’s final net zero certification for existing buildings, for its two two flagship crafting facilities SRK House and SRK Empire. Initially targeting 2030 to reach net zero, SRK joined forces with the Global Network for Zero (GNFZ) to accelerate its target to 2024 — a trailblazing achievement toward emissions elimination.
An Internet Protocol address (IP address) is a logical numeric address that is assigned to every single computer, printer, switch, router, tablets, smartphones or any other device that is part of a TCP/IP-based network.
Types of IP address-
Dynamic means "constantly changing “ .dynamic IP addresses aren't more powerful, but they can change.
Static means staying the same. Static. Stand. Stable. Yes, static IP addresses don't change.
Most IP addresses assigned today by Internet Service Providers are dynamic IP addresses. It's more cost effective for the ISP and you.
Best Practices of Clothing Businesses in Talavera, Nueva Ecija, A Foundation ...IJAEMSJORNAL
This study primarily aimed to determine the best practices of clothing businesses to use it as a foundation of strategic business advancements. Moreover, the frequency with which the business's best practices are tracked, which best practices are the most targeted of the apparel firms to be retained, and how does best practices can be used as strategic business advancement. The respondents of the study is the owners of clothing businesses in Talavera, Nueva Ecija. Data were collected and analyzed using a quantitative approach and utilizing a descriptive research design. Unveiling best practices of clothing businesses as a foundation for strategic business advancement through statistical analysis: frequency and percentage, and weighted means analyzing the data in terms of identifying the most to the least important performance indicators of the businesses among all of the variables. Based on the survey conducted on clothing businesses in Talavera, Nueva Ecija, several best practices emerge across different areas of business operations. These practices are categorized into three main sections, section one being the Business Profile and Legal Requirements, followed by the tracking of indicators in terms of Product, Place, Promotion, and Price, and Key Performance Indicators (KPIs) covering finance, marketing, production, technical, and distribution aspects. The research study delved into identifying the core best practices of clothing businesses, serving as a strategic guide for their advancement. Through meticulous analysis, several key findings emerged. Firstly, prioritizing product factors, such as maintaining optimal stock levels and maximizing customer satisfaction, was deemed essential for driving sales and fostering loyalty. Additionally, selecting the right store location was crucial for visibility and accessibility, directly impacting footfall and sales. Vigilance towards competitors and demographic shifts was highlighted as essential for maintaining relevance. Understanding the relationship between marketing spend and customer acquisition proved pivotal for optimizing budgets and achieving a higher ROI. Strategic analysis of profit margins across clothing items emerged as crucial for maximizing profitability and revenue. Creating a positive customer experience, investing in employee training, and implementing effective inventory management practices were also identified as critical success factors. In essence, these findings underscored the holistic approach needed for sustainable growth in the clothing business, emphasizing the importance of product management, marketing strategies, customer experience, and operational efficiency.
Unblocking The Main Thread - Solving ANRs and Frozen FramesSinan KOZAK
In the realm of Android development, the main thread is our stage, but too often, it becomes a battleground where performance issues arise, leading to ANRS, frozen frames, and sluggish Uls. As we strive for excellence in user experience, understanding and optimizing the main thread becomes essential to prevent these common perforrmance bottlenecks. We have strategies and best practices for keeping the main thread uncluttered. We'll examine the root causes of performance issues and techniques for monitoring and improving main thread health as wel as app performance. In this talk, participants will walk away with practical knowledge on enhancing app performance by mastering the main thread. We'll share proven approaches to eliminate real-life ANRS and frozen frames to build apps that deliver butter smooth experience.
Profiling of Cafe Business in Talavera, Nueva Ecija: A Basis for Development ...IJAEMSJORNAL
This study aimed to profile the coffee shops in Talavera, Nueva Ecija, to develop a standardized checklist for aspiring entrepreneurs. The researchers surveyed 10 coffee shop owners in the municipality of Talavera. Through surveys, the researchers delved into the Owner's Demographic, Business details, Financial Requirements, and other requirements needed to consider starting up a coffee shop. Furthermore, through accurate analysis, the data obtained from the coffee shop owners are arranged to derive key insights. By analyzing this data, the study identifies best practices associated with start-up coffee shops’ profitability in Talavera. These findings were translated into a standardized checklist outlining essential procedures including the lists of equipment needed, financial requirements, and the Traditional and Social Media Marketing techniques. This standardized checklist served as a valuable tool for aspiring and existing coffee shop owners in Talavera, streamlining operations, ensuring consistency, and contributing to business success.
HIERARCHICAL DESIGN BASED INTRUSION DETECTION SYSTEM FOR WIRELESS AD HOC SENSOR NETWORK
1. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010
DOI : 10.5121/ijnsa.2010.2307 102
HIERARCHICAL DESIGN BASED INTRUSION
DETECTION SYSTEM FOR WIRELESS AD HOC
SENSOR NETWORK
Mohammad Saiful Islam Mamun
Department of Computer Science, Stamford University Bangladesh, 51, Siddeshwari,
Dhaka. E-mail : msimamun@kth.se
A.F.M. Sultanul Kabir
Department of Computer Science and Engineering, American International University
Bangladesh, Dhaka. afmk@kth.se
ABSTRACT
In recent years, wireless ad hoc sensor network becomes popular both in civil and military jobs.
However, security is one of the significant challenges for sensor network because of their deployment
in open and unprotected environment. As cryptographic mechanism is not enough to protect sensor
network from external attacks, intrusion detection system needs to be introduced. Though intrusion
prevention mechanism is one of the major and efficient methods against attacks, but there might be
some attacks for which prevention method is not known. Besides preventing the system from some
known attacks, intrusion detection system gather necessary information related to attack technique and
help in the development of intrusion prevention system. In addition to reviewing the present attacks
available in wireless sensor network this paper examines the current efforts to intrusion detection
system against wireless sensor network. In this paper we propose a hierarchical architectural design
based intrusion detection system that fits the current demands and restrictions of wireless ad hoc
sensor network. In this proposed intrusion detection system architecture we followed clustering
mechanism to build a four level hierarchical network which enhances network scalability to large
geographical area and use both anomaly and misuse detection techniques for intrusion detection. We
introduce policy based detection mechanism as well as intrusion response together with GSM cell
concept for intrusion detection architecture.
KEYWORD
WSN, IDS, Hierarchical Design, Security
1. INTRODUCTION
There has been a lot of research done on preventing or defending WSN from attackers and
intruders, but very limited work has been done for detection purpose. It will be difficult for
the network administrator to be aware of intrusions. There are some Intrusion Detection
Systems that are proposed or designed for Wireless Ad hoc network. Most of them work on
distributed environment; which means they work on individual nodes independently and try
to detect intrusion by studying abnormalities in their neighbors’ behavior. Thus, they require
the nodes to consume more of their processing power, battery backup, and storage space
which turn IDS to be more expensive, or become unfeasible for most of the applications.
Some of the IDS use mobile agents in distributed environment [8]. Mobile Agent supports
sensor mobility, intelligent routing of intrusion data throughout the network, eliminates
network dependency of specific nodes. But this mechanism still is not popular for IDS due to
mobile agents’ architectural inherited security vulnerability and heavy weight. Some of the
IDSs are attack-specific which make them concentrated to one type of attack [1] . Some of
2. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010
103
them use centralized framework which make IDS capable exploiting a personal computer’s
high processing power, huge storage capabilities and unlimited battery back up [21]. Most of
the IDS are targeted to routing layer only [7] [21], but it can be enhanced to detect different
types of attacks at other networking layers as well. Most of the architectures are based on
anomaly detection [18] [2] which examine the statistical analysis of activities of nodes for
detection. Most of the IDS techniques utilize system log files, network traffic or packets in the
network to gather information for Intrusion detection. Some detects only intrusion and some
do more like acquiring more information e.g. type of attacks, locations of the intruder etc.
Though a handsome number of IDS mechanisms are proposed in Wireless ad hoc network but
very few of them can be applicable for Wireless Sensor network because of their resource
constrains. Self-Organized Criticality & Stochastic Learning based IDS [2], IDS for clustering
based sensor Networks [3], A non-cooperative game approach [4], Decentralized IDS [5] are
distinguished among them.
2. EXISTING CHALLENGES
Existing intrusion detection systems are not adequate to protect WSN from Inside and Outside
attackers. None of them are complete. E.g. most of the approaches offer clustering techniques
without mentioning how they will be formed and how will they behave with rest of the
system. Most of the existing IDSs deal with wired architecture except their wireless
counterpart. The architecture of WSN is even more sophisticated than ad hoc wireless
architecture. So, an IDS is needed with capability of detecting inside and outside, known and
unknown attacks with low false alarm rate. Existing IDS architecture that are specifically
designed for sensor networks are suffering from lack of resources e.g. high processing power,
huge storage capabilities, unlimited battery backup etc.
3. WIRELESS SENSOR NETWORK - AN OVERVIEW
According to NIST (National Institute of Standards and Technology) “a wireless ad hoc
sensor network consists of a number of sensors spread across a geographical area” [8]. The
term sensor network refers to a system which is a combination of sensors and actuators with
some general purpose computing elements. A sensor network can have hundreds or even
thousands of sensors; mobile or fixed locations; deployed to control or monitor [7].
A wireless sensor network comprises of sensor nodes to sense data from their ambience, and
passes it on to a centralized controlling and data collecting identity called base station.
Typically, base stations are powerful devices with a large storage capacity to store incoming
data. They generally provide gateway functionality to another network, or an access point for
human interface [21]. A base station may have an unlimited power supply and high
bandwidth links for communicating with other base stations. In contrast, wireless sensors
nodes are constrained to use low power, low bandwidth, and short range links.
4. SECURITY THREATS AND ISSUES
Various security issues and threats that are considered for wireless ad hoc network can be
applied for WSN. This is recited in some previous researches. But the security mechanism
used for wireless ad hoc networks cannot be deployed directly for WSNs because of their
architectural inequality. First, in ad hoc network, every node is usually held and managed by a
human user. Whereas in sensor network, all the nodes are independent and communication is
controlled by base station. Second, Computing resources and batteries are more constrained in
sensor nodes than in ad hoc nodes. Third, the purpose of sensor networks is very specific e.g.
measuring the physical information (such as temperature, sound etc.). Fourth, node density in
sensor networks is higher than in ad hoc networks [10]. Architectural aspect of WSN makes
the security mechanism more prosperous as the base station could be used intelligently.
3. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010
104
According to the basic need of security attacks in WSN can be categorized:
• DoS, DDoS attacks which affect network availability
• Eavesdropping, sniffing which can threaten confidentiality
• Man-in-the-middle attacks which can affect packet integrity
• Signal jamming which affects communication
There are many research work has been done in the area of significant security problems.
Here summery of existing well-known threats are discussed.
Table 1: Threats and Attacks in WSN
Attacks Brief Description
Attack on Information in transit Information that is to be sent can be modified, altered,
replayed, spoofed, or vanished by attacker.
Hello flood Attacker with high radio range sends more Hello packet to
announce themselves to large number of nodes in the large
network persuading themselves as neighbor.
Sybil attack Fake multiple identities to attack on data integrity and
accessibility.
Wormhole attack Transmit information between two WSN nodes in secret.
Network partition attack Threats to accessibility though there is a path between the
nodes.
Black Hole Attack The attacker absorbs all the messages.
Sink Hole Attack Similar to black hole. Exception: the attacker advertises
wrong routing information
Selective Forwarding The attacker forwards messages on the basis of some Pre-
selected criterion
Simple Broadcast Flooding The attacker floods the network with broadcast Messages.
Simple Target Flooding The attacker tries to flood through some specific nodes.
False Identity Broadcast Flooding Similar to simple broadcast flooding, except the attacker
deceives with wrong source ID.
False Identity Target
Flooding
Similar to simple target flooding, except the attacker
deceives with wrong source ID.
Misdirection Attack The attacker misdirects the incoming packets to a distant
node.
5. IDS ARCHITECTURE
According to the Network Security Bible – “Intrusion detection and response is the task of
monitoring systems for evidence of intrusions or inappropriate usage and responding to this
evidence”[22]. The basic idea of IDS is to observe user as well as program activities inside
the system via auditing mechanism.
Depending on the data collection mechanism IDS can be classified into two categories: Host
based IDS monitors log files (applications, Operating system etc.) and then compare with logs
of present signature of known attacks from internal database. Network based IDS works in
different way. It monitors packets within communication and inspects suspicious packet
information.
4. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010
105
Depending on how attacks are detected, IDS architecture can be categorized into three types:
Signature based IDS which monitors an occurrence of signatures or behaviors which is
matched with known attacks to detect an intrusion. This technique may exhibit low false
positive rate, but not good to detect previously unknown attacks. Anomaly based IDS defines
a profile of normal behavior and classifies any deviation of that profile as an intrusion. The
normal profile of system behavior is updated as the system learns the behavior. This type of
system can detect unknown attacks but it exhibits high false positive. In [11] another type of
Intrusion detection has been introduced. Specification based IDS defines a protocol or a
program’s correct operations. Intrusion is indicated according to those constraints. This type
of IDS may detect unknown attacks, while showing low false positive rate.
In [11] wireless ad hoc network architecture is defined into three basic categories which can
be adjusted to IDS in WSN architecture.
Stand alone
Each node acts as an independent IDS and detects attacks for itself only without sharing any
information with another IDS node of the system, even does not cooperate with other
systems. So, all intrusion detection decisions are based on information available to the
individual node. Its effect is too limited. This architecture is best suited in an environment
where all the nodes are capable of running an IDS [11].
Distributed and cooperative
Though each node runs its own IDS, finally they collaborate to form a global IDS. This
architecture is more suitable for flat wireless sensor networks, where a global IDS is initiated
due to the occurrence of inconclusive intrusions detected by individual node.
Hierarchical
This architecture has been proposed for multilayered wireless network. Here network is
divided into cluster with cluster-heads. Cluster-head acts like a small base station for the
nodes within the cluster. It also aggregates information from the member nodes about
malicious activities. Cluster-head detects attacks as member-nodes could potentially reroute,
modify or drop packet in transmission. At the same time all cluster-heads can cooperate with
central base station to form a global IDS.
To build an effective IDS model, several considerations take place.
First of all Detection Tasks: How will they be separated? Local agent or Global agent.
Whether Local or global agent, an IDS needs to consider how these agents would analyze the
threats. And what would be right sources of information?
Local Agent detects vulnerability of node’s internal Information. It supposed to be active
100% of the time to ensure maximum security. Here Physical/Logical Integrity,
Measurement Integrity, Protocol Integrity, Neighborhood are analyzed from nodes’ status.
Global Agent: To detect anomaly from external information of a node to achieve 100%
coverage of a sensor network. Here main challenges are balancing tasks and network
coverage. In case of hierarchical network, cluster head (CH) controls its section of the
network. CH is the part of global network. In case of flat network Spontaneous Watchdogs
concept is applied. Here premise is “For every packet circulating in the network, there are a
set of nodes that are able to receive both that packet and the relayed packet by the next hop.”
Second consideration is Sharing Information between agents. Information between agents can
be transmitted through cryptography, voting mechanism or trust depending on the network’s
resource constraint.
5. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010
106
Third consideration is how to Notify Users. Generally users are behind Base stations. So,
different algorithms can be used to notify base station. E.g. uTesla use secure broadcast
algorithm.
There are different techniques for IDS in Wireless Sensor Network (WSN). Here we represent
some existing IDS models for WSN.
Table 2: Comparative study on existing IDS
Name of the
Intrusion Detection
System
Data
Collection
Mechanism
Detection
technique
Handled attacks Network
Architecture
Hybrid IDS for
Wireless Sensor
Network [6]
Network
based
Anomaly
based
Selective forwarding, sink
hole, Hello flood and
wormhole attacks
Hierarchical
Decentralized IDS in
WSN[5]
Network
based
Anomaly
based
Repetition, Message Delay,
Blackhole, Wormhole,
Data alteration, Jamming,
Message negligence, and
Selective Forwarding
Distributed
Intrusion Detection
in Routing attacks in
Sensor Network [1]
Host based Anomaly
based
DoS , active sinkhole
attacks, and passive
sinkhole.
Distributed
Sensor Network
Automated Intrusion
Detection System
(SNAIDS)[9]
Host based Signature
based
duplicate nodes, flooding,
Black hole, Sink hole
attack, selective
forwarding, misdirection.
Distributed
Self-Organized
critically &
stochastic learning
based IDS for
WSN[2]
Host based Anomaly
based
There is no guideline in
this IDS model of which
attacks it can resist and
which cannot.
Distributed
6. OUR MODEL
In this paper we propose a new model for IDS which concentrates on saving the power of
sensor nodes by distributing the responsibility of intrusion detection to three layer nodes with
the help of policy based network management system. The model uses a hierarchical overlay
design(HOD). We divided each area of sensor nodes into hexagonal region (like GSM cells).
Sensor nodes in each of the hexagonal area are monitored by a cluster node. Each cluster node
is then monitored by a regional node. In turn, Regional nodes will be controlled and
monitored by the Base station.
6. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010
107
Figure 1: Hierarchical Overlay Design
This HOD based IDS combines two approaches of intrusion detection mechanisms (Signature
and anomaly) together to fight against existing threats. Signatures of well known attacks are
propagated from the base station to the leaf level node for detection. Signature repository at
each layer is updated as new forms of attacks are found in the system. As intermediate agents
are activated with predefined rules of system behavior, anomaly detection can take part from
the deviated behavior of predefined specification. Thus proposed IDS can identify known as
well as unknown attacks.
6.1 Detection Entities
Sensor Nodes have two types of functionality: Sensing and Routing. Each of the sensor nodes
will sense the environment and exchange data in between sensor nodes and cluster node. As
sensor nodes have much resource constraints, in this model, there is no IDS module installed
in the leaf level sensor nodes.
Cluster Node plays as a monitor node for the sensor nodes. One cluster node is assigned for
each of the hexagonal area. It will receive the data from sensor nodes, analyze and aggregate
the information and send it to regional node. It is more powerful than sensor nodes and has
intrusion detection capability built into it.
Regional Node will monitor and receive the data from neighboring cluster heads and send the
combined alarm to the upper layer base station. It is also a monitor node like the cluster nodes
with all the IDS functionalities. It makes the sensor network more scalable. If thousands of
sensor nodes are available at the leaf level then the whole area will be split into several
regions.
Base Station is the topmost part of architecture empowered with human support. It will
receive the information from Regional nodes and distribute the information to the users based
on their demand.
6.2 Policy based IDS
Policy implies predefined action pattern that is repeated by an entity whenever certain
conditions occur [13]. The architectural components of policy framework include a Policy
Enforcement Point (PEP), Policy Decision Point (PDP), and a Policy repository. The policy
rules stored in Policy repository are used by PDP to define rules or to show results. PDP
translates or interprets the available data to a device-dependent format and configures the
relevant PEPs. The PEP executes the logical entities that are decided by PDP [12]. These
capabilities provide powerful functions to configure the network as well as to re-configure the
system as necessary to response to network conditions with automation. In a large WSN
where Hierarchical Network Management is followed can be realized by policy mechanism to
achieve survivability, scalability and autonomy simultaneously. So in case of failure the
system enables one component to take over the management role of another component. One
of the major architectural advantages of hierarchical structure is any node can take over the
functionality of another node dynamically to ensure survivability. A flexible agent structure
ensures dynamic insertion of new management functionality.
Hierarchical network management integrates the advantage of two (Central and Distributed)
management models [14] and uses intermediate nodes (Regional and Cluster) to distribute the
detection tasks. Each intermediate manager has its own domain called Regional or Cluster
agent which collects and processed information from its domain and passes the required
7. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010
108
information to the upper layer manager for further steps. All the intermediate nodes are also
used to distribute command/data/message from the upper layer manager to nodes within its
domain. It should be noted that there is no direct communication between the intermediate
members. Except the leaf level sensor nodes all the nodes in the higher level are configured
with higher energy and storage.
To achieve a policy-based management for IDS the proposed architecture features several
components that evaluate policies: a Base Policy decision Point (BPDP), a number of Policy
decision modules (PDMs) and Policy Enforcement Point(PEP).
BPDP: Base Policy Decision Point
RPA: Regional Policy Agent
LPA: Local Policy Agent
SN: Sensor Node
Figure 2: Hierarchical Architecture of IDS Policy Management
Base Policy Decision Point (BPDP) is the controlling component of the architecture. It
implements policies or intrusion rules generated by the Intrusion Detection Tool (IDT) from
receiving events, evaluating anomaly conditions and applying new rules, algorithms,
threshold values etc. IDT supports creation, deletion, modification, and examination of the
agent’s configurations and policies. It can add new entities e.g. new signature of intrusion,
modify or delete existing entities in RPA and LPA.
Policy Decision Modules (PDMs) are components that implement sophisticated algorithms in
relevant domains. LPAs and RPAs act as PDMs. LPA manages the sensor nodes which is
more powerful than sensor nodes. LPAs perform local policy-controlled configuration,
filtering, monitoring, and reporting which reduces management bandwidth and computational
overhead from leaf level sensor nodes to improve network performance and intrusion
detection efficiency. An RPA can manage multiple LPAs. At the peak BPDP manages and
controls all the RPAs.
Policy Enforcement Points (PEP) are low level Sensor Nodes.
Policies are disseminated from the BPDP to RPA to LPA as they are propagated from PDP to
LPA. Policy agents described above helps IDS by reacting to network status changes globally
or locally. It helps the network to be reconfigured automatically to deal with fault and
performance degradation according to intrusion response.
Base Station
Intrusion Detection Agent
Sensor Nodes
BPDP
RPA RPA
LPA LPA LPA LPA
SN SN SN SN SN SN SNSN
8. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010
109
6.3 Structure of Intrusion Detection Agent ( IDA )
The hierarchical architecture of policy management for WSN is shown in the above figure. It
comprises of several hierarchical layers containing Intrusion Detection Agent (IDA) at each
layer. They are Base Policy Decision Point (BPDP), Regional Policy Agent( RPA), Local
Policy Agent (LPA), Sensor Node(SN).
An IDA consists of the following components: Preprocessor, Signature Processor, Anomaly
processor and Post processor. The functionalities are described as follows.
Figure 3: Intrusion Detection Agent Structure
Pre-Processor either collects the network traffic of the leaf level sensor when it acts as an
LPA or it receives reports from lower layer IDA. Collected sensor traffic data is then
abstracted to a set of variables called stimulus vector to make the network status
understandable to the higher layer processor of the agent.
Signature Processor maintains a reference model or database called Signature Record of the
typical known unauthorized malicious threats and high risk activities and compares the
reports from the preprocessor against the known attack signatures. If match is not found then
misuse intrusion is supposed to be detected and signature processor passes the relevant data to
the next higher layer for further processing.
Anomaly Processor analyzes the vector from the preprocessor to detect anomaly in network
traffic. Usually statistical method or artificial intelligence is used in order to detect this kind
of attack. Profile of normal activity which is propagated from Base station is stored in the
database. If the activities arrived from preprocessor deviates from the normal profile in a
statistically significant way, or exceeds some particular threshold value attacks are noticed.
Intrusion detection rules are basically policies which define the standard of access mechanism
and uses of sensor nodes. Here database acts as a Policy Information Base(PIB) or policy
repository.
Post Processor prepares and sends reports for the higher layer agent or base station. It can be
used to display the agent status through a user interface.
Pre Processor
Reports from lower level
sensor / IDA
Anomaly Processor
Post Processor
Signature Processor Signature
Record
9. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010
110
6.5 Selection of IDS node
Activating every node as an IDS wastes energy. So minimization of number of nodes to run
intrusion detection is necessary. In [15] three strategies are mentioned involving selection of
Intrusion detection node.
Core defense selects IDS node around a centre point of a subset of network. It is assumed that
no intruder break into the central station in any cluster. This type of model defends from the
most inner part then retaliates to the outer area.
Boundary defense selects node along the boundary perimeter of the cluster. It provides
defense on intruder attack from breaking into the cluster from outside area of the network.
Distributed defense has an agent node selection algorithm which follows voting algorithm
from [16] in this model. Node selection procedure follows tree hierarchy.
Our model follows Core Defense strategy where cluster-head is the centre point to defend
intruders. In core defense strategy ratio of alerted nodes and the total number of nodes in the
network drops, this makes energy consumption very low which make it more economical in
their use of energy as it shows least number of broadcast message in case of attack. It has
strong defense in inner network. Here IDS needs to wait for intruder to reach the core area
[16] which is one of the drawbacks of this strategy as nodes can be captured without notice.
6.6 IDS mechanism in sensor nodes
Intrusions could be detected at multiple layers in sensor nodes (physical, Link, network and
application layer).
In Physical layer Jamming is the primary physical layer attack. Identifying jamming attack
can be done by the Received Signal Strength Indicator (RSSI) [17] [18], the average time
required to sense an idle channel (carrier sense time), and the packet delivery ratio (PDR). In
case of wireless medium, received signal strength has relation with the distance between
nodes. Node tampering and destruction are another physical layer attack that can be prevented
by placing nodes in secured place. During the initialization process Cluster node’s LPA will
store the RSSI value for the communication between Cluster node to leaf level sensor nodes
and sensor to sensor node. Later, at the time of monitoring, Anomaly processor in LPA will
monitor whether the received value is unexpected. If yes, it will feedback RPA by generating
appropriate alarm.
10. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010
111
Figure 4: IDS mechanism
Link Layer attacks are collision, denial of sleep and packet replay etc. Here SMAC and Time
Division Multiple Access (TDMA) can be used to detect the anomaly. TDMA [18] is digital
transmission process where each cluster node will assign different time slots for different
sensor nodes in its region. During this slot every sensor node has access to the radio
frequency channel without interference. If any attacker send packet using source address of
any node, e.g. A, but that slot is not allocated to A then LPA’s Anomaly Processor can easily
detect that intrusion. S-MAC [18] protocol is used to assign a wakeup and sleep time for the
sensor nodes. As the sensor has limited power, S-MAC can be implemented for the energy
conservation. If any packet is received from source e.g. A in its sleeping period then LPA can
easily detect the inconsistency.
In Network Layer route tracing is used to detect whether the packet really comes from the best
route. If packet comes to the destination via different path rather than the desired path then the
Anomaly Processor can detect possible intrusion according to predefined rules.
Application Layer uses three level watchdogs. They are in base station, regional node, cluster
node. Sensor nodes will be monitored by upper layer watchdog cluster node and cluster nodes
will be monitored by regional node watchdog and finally the top level watchdog base station
will monitor the regional nodes. So, if any one node is compromised by the attacker then
higher layer watch dog can easily detect the attack and generate alarm.
7. INTRUSION RESPONSE
There are differences between intrusion detection and intrusion prevention. If a system has
intrusion prevention, it is assumed that intrusion detection is built in. IDSs are designed to
welcome intrusion to get into system; where as Intrusion Prevention System (IPS) actually
attempts to prevent access to the system from the very beginning. IPS operates similar to IDS
with one critical difference: “IPS can block the attack itself; while an IDS sits outside the line
of traffic and observes, an IPS sits directly in line of network traffic. Any traffic the IPS
identifies as malicious is prevented from entering the network [19].” So in case of IDS
“Intrusion Response” should be the right title for recovery.
There are two different approaches for intrusion response: Hot response or Policy based
response [20]. Hot response reacts by launching local action on the target machine to end
process, or on the target network component to block traffic. E.g. kill any process, Reset
connection etc. It does not prevent the occurrence of the attack in future. On the other hand
Policy based response works on more general scope. It considers the threats reported in the
alert, constraints and objectives of the information system of the network. It modifies or
11. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010
112
creates new rules in the policy repository to prevent an attack in the future. In our proposed
IDS, Base station’s Policy decision point and other policy decision modules take part in the
response mechanism together. BPDP and PDM take part in response mechanism. Intrusion
can be detected either in Cluster node or Regional node. Finally base stations can be involved
anytime if network administrator wants to do so or to update signature database or policy
stored in intermediate agent. Intrusions are detected automatically according to the policy
implemented by BPDP. Re-action is also automatic but administrator may re-design the
architecture according requirements.
In [21] a novel intrusion detection and response system is implemented. We have applied
their idea in our response mechanism with some modification. Our IDS system considers each
sensor nodes into one of five classes: Fresh, Member, Unstable, Suspect or Malicious. We
have Local Policy Agent, Regional Policy Agent and finally Base Policy Decision Point to
take decision about the sensor node’s class placement. Routeguard mechanism use Pathrating
algorithm to keep any node within these five classes [21]. In our model, we have policy or
rules defined in Base station’s BPDP to select any node to be within these five classes as
shown in figure 4. When a new node is arrived, it will be classified as Fresh. For a pre-
selected period of time this new node will be in Fresh state. By this time LPA will check
whether this node is misbehaving or not. In this period the node is permitted to forward or
receive packets from another sensor node, but not its own generated packet. After particular
time its classification will be changed to Member automatically if no misbehave is detected.
Otherwise the node’s classification will be changed to Suspect state. In Member state nodes
are allowed to create, send, receive or forward packets. In this time Member nodes are
monitored by Watchdog at LPA in Cluster node. If the node misbehaves its state will be
changed to Unstable for short span of time. During Unstable state nodes are permitted to send
and receive packets except their own packets. In this state the node will be kept under close
observation of LPA. If it behaves well then it will be transferred to Member state. A node in
Unstable state will be converted to Suspect state in two cases: Either the node was in
Unstable state and interchanged its state within Member and Unstable state for a particular
amount of times (threshold value defined in LPA) within a predefined period or the node was
misbehaving for long time (threshold value). LPA’s Post processor sends “Danger alert” to
RPA whenever Suspect node is encountered. The suspected node is completely isolated from
the network. It is not allowed to send, receive, or forward packets and temporarily banned for
short time. Any packets received from suspected node are simply discarded. After a certain
period of time the node is reconnected and is monitored closely for extensive period of time
by Intrusion Detection Agent in all three layers. If watchdogs report well then node status will
be changed to Unstable. However if it continues misbehaving then it will be labeled as
Malicious. After declaring any node malicious that node permanently banned from this
network. To ensure that this malicious node will never try to reconnect, its MAC address or
any unique ID will be added to Signature Record Database of LPA.
12. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010
113
Figure 5 : Operation of Intrusion Response
Survivability is one of the major factors that are predicted from every system. We consider
base stations to be failure free. But the Regional nodes or cluster nodes may be unreachable
due to failure or battery exhaustion. So, in case of failures or any physical damage of
Regional nodes or Cluster nodes, control of that node should be taken over by another stable
node. So in our proposed architecture if any Regional node fails, then its control is shifted to
the neighbor Regional node dynamically.
So, control of the Cluster nodes and sensor nodes belonging to that Regional node will be
shifted automatically to the neighbor node. In the same way if any cluster node fails then
control of that cluster node will be transferred to the neighbor Cluster node.
Figure 6: Cluster nodes failure
So in the proposed architecture if any LPA is unreachable due to failure or battery exhaustion
of cluster nodes, neighbor LPA will take the charges of leaf level sensor nodes which was in
the area of fault cluster node. In the same way due to Regional nodes failure neighbor
Regional node’s RPA will take over the functionality of all the cluster node’s LPA and sensor
nodes belonged to the faulty Regional node dynamically.
13. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010
114
Figure 7 : Regional node’s failure
As we mentioned before Cluster nodes or regional nodes havenumberdirect communications
between them. So how will Cluster node or Regional node determine about the failure of its
neighbor? Actually in the proposed architecture Base station has direct or indirect connections
with all its leaf nodes. Base station has direct connection with Regional node. So if any
Regional node fails Base station can identify the problem and select one of its neighbor nodes
dynamically according to some predefined rule in BPDP. Then BPDP needs to supply the
policy, rules, or signatures of failed node to the selected new neighbor Regional node. In the
same way if any cluster node fails then neighbor cluster node will not be informed about its
failure. So in this case Regional node will take necessary action of selecting suitable neighbor
cluster node. Here policy, rules or signatures of the failed cluster node will be supplied by the
BPDP through relevant RPA. So RPA has the only responsibility to select appropriate
neighbor LPA of unreachable LPA. The rest of the work belongs to BPDP of Base station. As
Base station is much more powerful node with large storage; all the signatures, anomaly
detection rules or policies are stored primarily as backup in Base station. This back up system
increases reliability of the whole network system.
8. CONCLUSION
WSN are prone to intrusions and security threats. In this paper, we propose a novel
architecture of IDS for ad hoc sensor network based on hierarchical overlay design. We
propose a response mechanism also according to proposed architecture. Our design of IDS
improves on other related designs in the way it distributes the total task of detecting intrusion.
Our model decouples the total work of intrusion detection into a four level hierarchy which
results in a highly energy saving structure. Each monitor needs to monitor only a few nodes
within its range and thus needs not spend much power for it. Due to the hierarchical model,
the detection system works in a very structured way and can detect any intrusion effectively.
As a whole, every area is commanded by one cluster head so the detection is really fast and
the alarm is rippled to the base station via the region head enabling it to take proper action. In
this paper we consider cluster nodes or Regional nodes to be more powerful than ordinary
sensor nodes. Though it will increase the total cost of network set up, but to enhance
reliability, efficiency and effectiveness of IDS for a large geographical area where thousands
of sensor nodes take place, the cost is tolerable.
14. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010
115
Policy based mechanism is a powerful approach to automating network management. The
management system for intrusion detection and response system described in this paper
shows that a well structured reduction in management traffic can be achievable by policy
management. This policy-based architecture upgrades adaptability and re-configurability of
network management system which has a good practical research value for large
geographically distributed network environment.
The IDS in wireless sensor network is an important topic for the research area. Still there are
no proper IDS in WSN field. Many previous proposed systems were based on three layer
architecture. But we introduced a four layer overlay hierarchical design to improve the
detection process and we brought GSM cell concept. We also introduced hierarchical watch
dog concept. Top layer base station, cluster node and regional node are three hierarchical
watchdogs. Our report proposes IDS in multiple layers to make our system architecture
robust.
9. FUTURE WORK
This paper provides a first-cut solution to four layer hierarchical policy based intrusion
detection system for WSN. So there is much room for further research in this area. Proposed
IDS system is highly extensible, in that as new attack or attack pattern are identified, new
detection algorithm can be incorporated to policy. Possible venues for future works include:
• Present model can be extended by exploring the secure communication between base
station, Regional node and cluster node.
• The setting of management functions of manager station more precisely.
• Election procedure to select cluster and regional node: Instead of choosing the cluster
node and regional node manually, there will be an election process that will
automatically detect the cluster node and regional node.
• Implementation of Risk Assessment System in the manager stations to improve the
reaction capability of intrusion detection system.
• In this paper we actually focus on the general idea of architectural design for IDS and
how a policy management system can be aggregated to the system. But an extensive
work needs to be done to define Detection and Response policy as well.
• Overall, more comprehensive research is needed to measure the current efficiency of
IDS, in terms of resources and policy, so that improvements of its future version(s)
are possible.
• Further study is required to determine IDS scalability. To the best of knowledge, its
scalability highly correlates with the scalability of the WSN application and the
policy management in use.
• Building our own Simulator: As all the previous research were based on three layer
architecture, so we are planning to create our own simulator that will simulate our
four layer design.
REFERENCES
[1]. Chong Eik Loo, Mun Yong Ng, Christopher Leckie, Marimuthu Palaniswami. Intrusion
Detection for Routing Attacks in Sensor Networks, International Journal of Distributed Sensor
Networks, Volume 2, Issue 4 December 2006 , pages 313 - 332 DOI: 10.1080/15501320600692044,
15. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010
116
[2] S. Doumit and D.P. Agrawal,“Self-organized criticality & stochastic learning based intrusion
detection system for wireless sensor network”, MILCOM 2003 - IEEE Military Communications
Conference, vol. 22, no. 1, pp. 609-614, 2003
[3]. C.-C. Su, K.-M. Chang, Y.-H. Kuo, and M.- F. Horng, “The new intrusion prevention and
detection approaches for clustering-based sensor networks”, in 2005 IEEE Wireless
Communications and Networking Conference, WCNC 2005: Broadband Wirelss for the Masses -
Ready for Take-off, Mar 13-17 2005.
[4]. A. Agah, S. Das, K. Basu, and M. Asadi, “Intrusion detection in sensor networks: A non-
cooperative game approach”, in 3rd IEEE International Symposium on Network Computing and
Applications, (NCA 2004), Boston, MA, August 2004, pp. 343346.
[5]. A. da Silva, M. Martins, B. Rocha, A. Loureiro, L. Ruiz, and H. Wong, “Decentralized intrusion
detection in wireless sensor networks”, Proceedings of the 1st ACM international workshop on
Quality of service & security in wireless and mobile networks- 2005.
[6]. OTran Hoang Hai, Faraz Khan, and Eui-Nam Huh, “Hybrid Intrusion Detection System for
Wireless Sensor Network”, ICCSA 2007, LNCS 4706, Part II, pp. 383–396, 2007. Springer-Verlag
Berlin Heidelberg 2007
[7] C. Karlof and D. Wagner, “Secure routing in wireless sensor networks: Attacks and
countermeasures”, In Proceedings of the 1st IEEE International Workshop on Sensor Network
Protocols and Applications (Anchorage, AK, May 11, 2003).
[8] National Institute of Standards and Technology, “Wireless ad hoc sensor networks”, web:
http://w3.antd.nist.gov/wahn_ssn.shtml, retrieved 12th January,2008.
[9]. Sumit Gupta “Automatic detection of DOS routing attach in Wireless sensor network” MS
thesis, Faculty of the Department of Computer Science University of Houston , December 2006
[10 ] Rodrigo Roman, Jianying Zhou , Javier Lopez, “Applying Intrusion Detection Systems to
wireless sensor networks “,Consumer Communications and Networking Conference, 2006. CCNC
2006. 3rd IEEE, 8-10 Jan. 2006 Volume: 1, On page(s): 640- 644 ISBN: 1-4244-0085-6
[11]. P.Bruth and C. Ko, “ Challenges in Intrusion detection for wireless ad hoc networks” in
Application and the Internet Workshop =s, 2003 proceedings,2003 Symposium on, PP.368373,2003.
[12] R. Chadha, G. Lapiotis, S. Wright, “Policy-Based Networking”, IEEE Network special issue,
March/April 2002, Vol. 16 No. 2, guest editors.
[13] Linnyer Beatrys Ruiz Jose Marcos Nogueira and Antonio A. F. Loureiro. MANNA: A
Management Architecture for Wireless Sensor Networks IEEE Communications Magazine,
2003.2b: http://w3.antd.nist.gov/wahn_ssn.shtml, retrieved 1[68]. Zhou Ying, Xiao Debao, “Mobile
agent based Policy management for wireless sensor network”, ISBN: 0-7803-9335-X/05, 2005
IEEE.
2th
[14] W. Chen, N. Jain and S. Singh, “ANMP: Ad hoc Network Management protocol”, IEEE
Journal on Selected Areas in Communications17(8) (August 1999) 1506-1531.
[15] Piya Techateerawat, Andrew Jennings, “Energy Efficiency of Intrusion Detection Systems in
Wireless Sensor Networks”, Proceedings of the 2006 IEEE/WIC/ACM International Conference on
Web Intelligence and Intelligent Agent Technology (WI-IAT 2006 Workshops)(WI-IATW'06) 0-7695-
2749-3/06
16. International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010
117
[16]O. Kachirski and R. Guha. “Intrusion Detection Using Mobile Agents in Wireless Ad Hoc
Networks”, Proceeding of the IEEE Workshop on Knowledge Media Networking, pp. 153-158, 2002
[17] D. R. Raymond and S. F. Midkiff, “Denial-of-Service in Wireless Sensor Networks: Attacks
and Defenses”, IEEE Pervasive Computing, vol. 7, no. 1, 2008, pp. 74-81.
[18] V. Bhuse, A. Gupta, “Anomaly intrusion detection in wireless sensor network” Journal of High
Speed Networks, Volume 15, Issue 1, pp 33-51, Jan 2006
[19]. Bharat Bhargava, Weichao Wang. Visualization of Wormholes in Sensor Networks. New York,
NY, USA: ACM Press, 2004.
[20] P. Albers et al., “Security in Ad Hoc Networks: a General Intrusion Detection Architecture
Enhancing Trust Based Approaches,” 1st Int’l. Wksp. Wireless Info. Sys., Ciudad Real, Spain, Apr.
3–6, 2002.
[21] Zhou, L. and Haas, Z. J., “Securing ad hoc networks”, IEEE Network, Volume 13, Issue 6,
Nov.-Dec. 1999, pp. 24 – 30. January,2008.
[22] FZhang, Y. and Lee W “Intrusion detection in Wireless Ad hoc Networks”, The 6th
annual
international conference on Mobile computing and networking, Boston MA, Aug 2000. PP:275-283